Opera Download File Type Dialog Spoofing

2004-12-10T16:44:09
ID OSVDB:12291
Type osvdb
Reporter Andreas Sandblad(as@secunia.com)
Modified 2004-12-10T16:44:09

Description

Vulnerability Description

Opera for Windows contains a flaw that may allow a malicious user to spoof files. The issue is triggered when a malicious user sends specially crafed "Content-Dispostion" and "Content-Type" headers contains dots (.) and ASCII character code 160 occurs. It is possible that the flaw may allow trick the user into executing malicious files resulting in a loss of integrity.

Solution Description

Upgrade to version 7.54u1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Opera for Windows contains a flaw that may allow a malicious user to spoof files. The issue is triggered when a malicious user sends specially crafed "Content-Dispostion" and "Content-Type" headers contains dots (.) and ASCII character code 160 occurs. It is possible that the flaw may allow trick the user into executing malicious files resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:12981 Other Advisory URL: http://secunia.com/secunia_research/2004-19/advisory/ CVE-2004-1490